Our Ref.: 041007.P006

APPLICATION FOR UNITED STATES LETTERS PATENT

FOR

Distributed Service Level Management
For Network Traffic

Inventor(s):
Thomas E. Anderson
Stefan R. Savage
David J. Wetherall

Prepared by:
Columbia IP Law Group, LLC
Seattle/Kirkland Office

"Express Mail" label number EL910784302US

Attorney Docket Ref: 41007.P006

Distributed Service Level Management For Network Traffic 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to the field of networking. More specifically, the
present invention addresses the issue of managing service level goals or
commitments for a group of network traffic serviced by a networking device (such as
a "router").

2. Background Information 

With advances in integrated circuit, microprocessor, networking and
communication technologies, an increasing number of devices, in particular digital
computing devices, are being networked together. Devices are often first coupled to
a local area network, such as an Ethernet based office/home network. In turn, the
local area networks are interconnected through wide area networks, such
as ATM networks, Frame Relays, and the like. Of particular notoriety is the TCP/IP
based global inter-network, the Internet.

As a result of this trend of increased connectivity, an increasing number of
applications that are network dependent are being deployed. Examples of these
network dependent applications include, but are not limited to, email, net based
telephony, world wide web and various types of e-commerce. For these
applications, success inherently means a high volume of network traffic for their
implementing servers. To ensure continuing success, quality of service through
orderly and efficient handling of the large volume of network traffic has become of
paramount importance. Various subject matters, such as scalability, distributive
deployment and caching of contents, as well as achieving and maintaining service
level goals or commitments by networking devices, have become of great interest.

The capabilities and capacity of a networking device are probably the primary
factors in determining the networking device's ability in meeting its service level
goals/commitments, whether the goals/commitments are reliability or performance
oriented. However, in a shared networked world, having plenty of capabilities and
capacity in and of themselves does not automatically guarantee that the networking
device will be able to meet its service level goals/commitments. Unexpected or
unplanned surges/increases in "non-essential" or "superfluous" network traffic
potentially could cause congestion, and adversely impact the networking device's
ability to service the "essential" network traffic.

Various bandwidth reservation or priority based schemes (attributed to
individual packets or packet types and self-administered by the networking devices
having the service level goals/commitments) are employed in the art to ensure that
the appropriate service levels are provided. However, these schemes impose the
burden on the networking device "struggling" to meet the service level
goals/commitments, further compounding the problem. Moreover, the various
schemes tend to be complex and difficult to implement. Thus, alternate
approaches to enhancing the likelihood of a networking device's ability to meet its
service level goals/commitments are desired.

SUMMARY OF THE INVENTION

One or more networking apparatuses are employed to practice a networking
method that improves a networking device's likelihood in meeting its service level
goals/commitments for a first group of network traffic serviced by the first networking
device. Determination is made, away from the networking device, on whether the
network device is meeting the service level goals/commitments for the first group of
network traffic. Determination may include monitoring the first group of network
traffic at or away from the networking device. If the service level goals/commitments
are not being met, at least a second group of network traffic (also serviced by the
first networking device) is selected for regulation. Regulation may be made at the
networking device or away from the network device, at other nodes of the network.

Additionally, if the condition for regulation is no longer present, regulation may
be moderated or removed. Further, the service level goals/commitments may
include reliability and/or performance goals/commitments.

BRIEF DESCRIPTION OF DRAWINGS

The present invention will be described by way of exemplary embodiments,
but not limitations, illustrated in the accompanying drawings in which like references
denote similar elements, and in which:

Figure 1 illustrates a network view of the present invention, including a
sensor function and a director function, in accordance with one embodiment;

Figure 2 illustrates a method view of the same invention, in accordance with
one embodiment;

Figure 3 illustrates a component view of the sensor function, in accordance
with one embodiment;

Figures 4-6 illustrate the operational flow of the relevant aspects of the
requestor, reporter and command application functions of Fig. 3, in accordance with
one embodiment each;

Figure 7 illustrates an architectural view of a sensor, in accordance with one
embodiment;

Figure 8 illustrates a component view of a director function, in accordance
with one embodiment;

Figures 9-11 illustrate the operational flow of the relevant aspects of the
send/receive, analyzer and regulator functions of Fig. 8, in accordance with one
embodiment each; and

Figure 12 illustrates an example computer system suitable for use to host a
software implementation of the sensor or the director function, in accordance with
one embodiment.

DETAILED DESCRIPTION OF THE INVENTION

The present invention provides a novel approach to distributively manage
service level goals/commitments for a group of network traffic serviced by a
networking device (such as a "router"). In the description to follow, various aspects of
the present invention will be described. However, the present invention may be
practiced with only some of the aspects described. For purposes of explanation,
specific numbers, materials and configurations are set forth in order to provide a
thorough understanding of the present invention. However, the present invention
may be practiced without some of the specific details described. In other instances,
well known features are omitted or simplified in order not to obscure the present
invention.

Parts of the description will be presented in terms of operations performed by a
processor based device, using terms such as requesting, reporting, determining,
data, and the like, consistent with the manner commonly employed by those skilled in
the art to convey the substance of their work to others skilled in the art. The
"quantities" or the "objects" of the various operations take the form of electrical,
magnetic, or optical signals capable of being stored, transferred, combined, and
otherwise manipulated through mechanical and electrical components of the
processor based device. The term processor includes microprocessors,
micro-controllers, digital signal processors, and the like, that are standalone, adjunct or
embedded.

Various operations will be described as multiple discrete steps in turn, in a
manner that is most helpful in understanding the present invention. However, the
order of description should not be construed as to imply that these operations are
necessarily order dependent. In particular, these operations need not be performed
in the order of presentation.

The terms "router" and "route" are used throughout this application, in the
claims as well as in the specification. The terms as used herein are intended to have
a broader meaning than their normal plain meaning as understood by those ordinarily
skilled in the networking art. They are intended to be genus terms that include the
conventional routers and conventional routing, as well as all other variations of
network trafficking, such as switches or switching, gateways, hubs and the like.
Thus, unless particularized, the terms are to be given this broader meaning.

Further, the description repeatedly uses the phrase "in one embodiment",
which ordinarily does not refer to the same embodiment, although it may.

Overview

Referring now first to Figure 1, wherein a block diagram illustrating a network
view of the present invention, in accordance with one embodiment, is shown. As
illustrated, in accordance with the present invention, network traffic is distributively
managed for a networking device, such as routing device 106, to enable the
networking device to meet the service level goal(s) or commitment(s) for a group of
network traffic, such as network traffic 107a, serviced by the networking device. For
the illustrated embodiment, network traffic is distributively managed employing
director function 102, augmented with sensor function 104. More specifically,
director function 102, assisted by sensor function 104, is employed to reduce the
negative impact of other network traffics, such as network traffic 107b, on the ability
of routing device 106 to meet its service level goals or commitments for network
traffic 107a. Typically, although not necessarily, the other network traffics to be
regulated are other network traffics also serviced by the networking device of
interest.

The present invention contemplates that the service level goals/commitments
may be one of a variety of reliability, performance as well as other service level
goals/commitments of like kinds. The term "service level goals" as used herein
generally refers to "self-imposed" desired service levels, whereas the term "service
level commitments" generally refers to desired service level commitments made to
"clients" of the networking devices of interest. For the purpose of practicing the
present invention, the two terms are synonymous. In other words, as far as
practicing the present invention, there are no substantive differences between
distributively managing for service level goals versus managing for service level
commitments. Accordingly, hereinafter, the two terms may be used
interchangeably.

For the illustrated embodiment, network traffics 107a and 107b are destined
for or sourced from destination/source 108a and 108b respectively. As illustrated,
destination/source 108a and 108b may be a server, a routing device or a network of
servers/networking devices. Moreover, for alternate embodiments,
destination/source 108a and 108b may be the same destination/source. That is,
network traffics 107a and 107b may be network traffics destined for the same
destination node/network, but sourced from different clients of the destination
node/network. In other words, network traffics may be managed for a beneficiary
server, favoring one of its clients over other clients.

Briefly, director function 102 (assisted by sensor 104, for the illustrated
embodiment) distributively determines, away from routing device 106, whether
routing device 106 is meeting its service level goals/commitments for network traffic
107a. If not, other network traffics, such as network traffic 107b, are distributively
identified (away from routing device 106) and regulated to assist routing device 106
in meeting its service level goals/commitments for network traffic 107a. Regulation
of network traffics 107b may be applied at routing device 106 or other locations, i.e.
network nodes (not shown) of network 100.

In due course, director function 102 (assisted by sensor 104, for the
illustrated embodiment) also distributively determines, away from routing device
106, whether the condition or conditions that cause the inability of routing device
106 to meet its service level goals/commitments for network traffics 107a are still
present. If the condition or conditions are no longer present, director function 102
distributively determines, away from routing device 106, where in network 100 and
by how much regulation should be moderated (i.e. de-regulating previously imposed
regulations).

Network 100 is intended to represent a broad range of private as well as
public networks or interconnected networks, such as the enterprise network of a
multi-national corporation, or the Internet. Except for the manner network traffics
are distributively managed, networking nodes, such as routing device 106 or 108a
and 108b, or servers 108a-108b or subnetworks 108a-108b, are all intended to
represent a broad range of network trafficking equipment/entities. In the case of
routing devices 106 or 108a/108b, they may include but are not limited to
conventional routers, switches, gateways, hubs and the like.

In one embodiment, director function 102 and sensor function 104 are
implemented on one or more network management devices separate and distinct
from routing device 106, as illustrated in Fig. 1. In alternate embodiments, director
function 102 and sensor function 104 may be implemented on the same network
management device, and the "network management" device may be routing device
106 itself (self-manage).

The coupling between the implementing device or devices of director and
sensor functions 102 and 104 may be made using any one of a number of
communication links known in the art, such as modem links over conventional
phone lines, Digital Subscriber Lines (DSL), Integrated Service Digital Network
(ISDN) connections, Asynchronous Transfer Mode (ATM) links, Frame Relay
connections, and the like.

While for ease of understanding, only one director function 102, one sensor
function 104, a router 106, and a handful each of network "nodes" 108a-108b are
included in the illustration, from the description to follow, it will be readily apparent
that the present invention may be practiced with more than one director function 102
as well as more or fewer network "nodes" 108a-108b, routing devices 106 and sensor
functions 104. If more than one director function 102 is employed, typically when a
larger number of sensor functions 104 are employed, each director function 102
may be assigned responsibility for a subset of the sensor functions employed. The
director functions may relate to each other in a master/slave relationship, with one of
the director functions serving as the "master" (and the others as "slaves"), or as
peers to one another or organized into a hierarchy. Further, a sensor function may
monitor multiple routing devices.



Having now provided an overview of the present invention, we further refer to
Figure 2, wherein a method view of the present invention, in accordance with one
embodiment, is shown. As illustrated and alluded to earlier, the method starts with
director function 102 determining (away from routing device 106) whether routing
device 106 is meeting its service level goals/commitments for network traffic 107a
(block 204). Upon determining that routing device 106 is not meeting its service level
goals/commitments for network traffic 107a, director function 102 identifies (away
from routing device 106) a group of other network traffic that substantially
contributes to the inability of routing device 106 in meeting its service level
goals/commitments (block 206). Upon identifying a group of other network traffic as
a substantial contributor to the inability of routing device 106 in meeting its service
level goals/commitments, director function 102 causes the identified other network
traffic to be regulated accordingly (block 208). As described earlier, the regulations
may be applied at routing device 106 or at other locations of network 100.

Back at block 204, if it is determined that routing device 106 is meeting its
service level goals/commitments, director function 102 determines (away from
routing device 106) whether at least one other group of network traffics is being
regulated to assist routing device 106 in meeting its service level
goals/commitments, and whether regulation may be moderated (block 210). Upon
determining that regulation may be moderated, director function 102 determines the
locations and amounts of de-regulations, and causes the de-regulation to be applied
accordingly (block 212). As alluded to earlier, the de-regulations may be applied at
routing device 106 or at other regulated locations of network 100.

Having now also described the method of the present invention at a high
level, we now describe a number of the aforementioned aspects in further detail.

Still referring to Figs. 1-2, as alluded to earlier and illustrated, sensor function 104 is
employed to assist director function 102 in distributively managing network traffic for
the benefit of routing device 106. More specifically, sensor function 104 is
employed to monitor network traffic 107b as well as network traffic 107a. That is, sensor
function 104 is employed to monitor the network traffics that substantially contribute
to the inability of routing device 106 in meeting its service level goals/commitments
(network traffic 107b), as well as the network traffic associated with the service level
goals/commitments of interest (network traffic 107a). Of course, in alternate
embodiments, network traffic may be monitored and reported by networking device
106 itself or with different sensors being employed.

For the illustrated embodiment, monitoring of network traffic 107a and 107b
involves monitoring of various network traffic metrics for network traffic 107a and
107b. Typically, these network traffic metrics are at least partially indicative of
whether routing device 106 is meeting its service level goals/commitments. For
reliability goals/commitments, these network traffic metrics may include, for example,
packet drop rate. Similarly, for performance goals/commitments, these data may
include, for example, the volume of data being sent or transmitted, or the average
turnaround time of the packets of network traffic 107a-107b.

Further, for the illustrated embodiment, monitoring of network traffic 107a and
107b is performed at routing device 106. However, in alternate embodiments,
monitoring of network traffic 107a and 107b may be performed at other parts of
network 100. For example, upon determining the "typical" sources and destinations
of network traffic 107a-107b, sensor function 104 may perform the monitoring at the
determined source and destination locations of the network 100 or routing devices
near the determined source and destination locations (besides routing device 106,
the intended beneficiary).

For the illustrated embodiment, the monitor data are provided periodically
(e.g. on request) to director 102, which in turn performs its determination
responsibilities based on the provided monitor data. However, in an alternate
embodiment, the monitor data may be provided continuously to director 102 instead.

Thus, for this embodiment, at block 204, director 102, in response to the
receipt of the reported data, determines whether routing device 106 is meeting its
service level goals/commitments for network traffic 107a. The determination may
be made, for example, by comparing the received metric data against a number of
pre-provided corresponding thresholds for the data metrics. For the earlier
mentioned example data metrics, such as packet drop rates, volume of data and
average response time, the corresponding thresholds may be a maximum drop rate,
a minimum amount of data, and a minimum average response time.

At block 206, for the illustrated embodiment, director function 102 determines
if another group of network traffic, such as network traffic 107b, substantially
contributes to the inability of routing device 106 in meeting its service level
commitments, in accordance with configuration information pre-provided. In other
words, director function 102 is pre-provided with the network traffic regulation
candidates, and considers the candidates in order. In alternate embodiments,
director function 102 may determine the candidates dynamically, e.g. by querying
routing device 106 for the "most active" network traffics.

Network traffics 107b may be considered as substantially contributing
to the inability of routing device 106 in meeting its service level goals/commitments
for a variety of reasons. For example, network traffics 107b may be so considered
because of the amount of bandwidth network traffics 107b consume.

At blocks 208 and 212, director function 102 causes regulations and
de-regulations to be applied at networking device 106 or other selected locations of
network 100. For the purpose of this application, regulation in general means
moderating the amount of the network traffic to be regulated, whereas de-regulation
generally means relaxing the amount of moderation being applied to a particular
group of network traffic.

At its extreme, regulation could include completely blocking off network traffic
of the particular kind. Examples of regulation actions include but are not limited to
limiting the bandwidth available for, or lowering the priority of, network traffic to be
regulated. Alternatively, a number of filters may also be applied to filter out the
undesirable network traffic.

In its most fundamental form, de-regulation could simply involve resuming
allowance of network traffic of the particular kind. Examples of moderation
relaxation actions include but are not limited to the "inverses" of the regulation
actions, i.e. expanding the bandwidth available for, or increasing the priority of, the
regulated network traffic. Examples of unblocking actions include but are not limited
to cessation of filtering of the network traffic destined for or sourced out of the third
party network node.

For the illustrated embodiment, at block 208, director function 102 selects
networking device 106 itself for regulation. In alternate embodiments, director
function 102 selects routing devices that are "closest" to networking device 106 for
regulation, and the regulation is iteratively and progressively extended outward, i.e.
away from routing device 106. For de-regulation, for the illustrated embodiment,
director function 102 again selects networking device 106 itself. For the alternate
"progressive" regulation embodiment, director function 102 may de-regulate in
"reverse" order, starting the de-regulation from the "outermost" regulated routing
device (away from networking device 106), and progressively retreating towards routing
device 106.

Regulations and de-regulations may be applied and relaxed on an iterative
basis also. That is, regulation may be initiated at a relatively "low" predetermined
level, and gradually increased over time. Alternatively, regulation may be initiated at
a relatively "high" predetermined level, and gradually decreased over time.
Similarly, any de-regulation may be started with a relatively "small" amount, and
increased over time.
For block 210, director function 102 may determine whether regulation may
be relaxed by determining whether the conditions that caused network traffics 107b
to be regulated remain present. If the conditions are no longer present, director function
102 determines where the regulation may be relaxed, e.g. at routing device 106, or
other regulated locations in network 100, and additionally, the amount of
de-regulation at the selected de-regulation locations.

Note that under the present invention, regulation and de-regulation actions
such as bandwidth and priority regulations/de-regulations are dynamically
determined and implemented, and no attribution of priority properties to the packets
is necessary. In contrast, in the prior art, bandwidth reservations are
pre-provisioned, and priorities are attributed to all packets. Further, priorities have to be
respected by all routers along the routing paths. Moreover, those skilled in the art
will appreciate that the present invention is a superior approach, as the present
invention is more flexible, works with a variety of routing capabilities, and is generally
simpler to implement.

For the illustrated embodiment, director function 102 issues the
regulation/de-regulation instructions to the applicable routing device 106 or others in network 100
via their corresponding sensor functions. That is, in the case of routing device 106,
the regulation/de-regulation instructions are provided to routing device 106 via
sensor function 104. Upon receipt of the instructions, applicable routing device 106
or others (or corresponding sensor function 104) causes the desired
regulation/de-regulation actions to be applied to effectuate the desired regulation/de-regulation on
the targeted network traffic. In alternate embodiments, regulation and
de-regulation instructions may be provided to the regulated/de-regulated devices
directly.
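
The decision flow of blocks 204-212 can be sketched as follows. This is an added example, not code from the application: the class and field names, the two-report calm period used for block 210, the step levels, and the ordering of the regulation plan (candidates in configured order, each location from closest outward, each level from mild to blocking) are all assumptions, and the report values are constructed.

```python
from typing import NamedTuple, Optional


class Thresholds(NamedTuple):
    max_drop_rate: float   # reliability: highest acceptable packet drop rate
    min_volume: float      # performance: lowest acceptable volume of data


class Report(NamedTuple):
    """Metrics for the protected group (network traffic 107a) from a sensor."""
    drop_rate: float
    volume: float


class Instruction(NamedTuple):
    action: str            # "regulate" or "de-regulate"
    location: str          # node where the instruction is to be applied
    group: str             # regulated traffic group, e.g. "107b"
    allowed: float         # fraction of bandwidth left to the group; 0.0 blocks it


def meets_goals(report: Report, th: Thresholds) -> bool:
    """Block 204: compare reported metrics with the pre-provided thresholds."""
    return report.drop_rate <= th.max_drop_rate and report.volume >= th.min_volume


class Director:
    def __init__(self, thresholds, candidates, locations,
                 steps=(0.5, 0.0), calm_needed=2):
        self.th = thresholds
        self.steps = steps
        self.calm_needed = calm_needed   # assumed test for "conditions no longer present"
        # Assumed plan order: candidate, then location (closest first), then level.
        self.plan = [(loc, grp, i)
                     for grp in candidates
                     for loc in locations
                     for i in range(len(steps))]
        self.applied = 0                 # plan[:applied] is currently in force
        self.calm = 0                    # consecutive reports that met the goals

    def on_report(self, report: Report) -> Optional[Instruction]:
        if not meets_goals(report, self.th):
            self.calm = 0
            if self.applied == len(self.plan):
                return None              # nothing left to tighten
            loc, grp, i = self.plan[self.applied]       # blocks 206 and 208
            self.applied += 1
            return Instruction("regulate", loc, grp, self.steps[i])
        self.calm += 1                                   # block 210
        if self.applied and self.calm >= self.calm_needed:
            self.calm = 0
            self.applied -= 1                            # block 212, reverse order
            loc, grp, i = self.plan[self.applied]
            previous = self.steps[i - 1] if i > 0 else 1.0
            return Instruction("de-regulate", loc, grp, previous)
        return None


# Constructed sample: three reports missing the goals, then seven meeting them.
BAD = Report(drop_rate=0.08, volume=400_000)
GOOD = Report(drop_rate=0.005, volume=1_500_000)
SAMPLE_REPORTS = [BAD] * 3 + [GOOD] * 7


def simulate(reports):
    director = Director(Thresholds(max_drop_rate=0.02, min_volume=1_000_000),
                        candidates=["107b"],
                        locations=["router-106", "upstream-1"])
    return [director.on_report(r) for r in reports]


if __name__ == "__main__":
    for step, instruction in enumerate(simulate(SAMPLE_REPORTS)):
        print(step, instruction)
```

Because the plan is undone from its most recent entry, the outermost location is relaxed first and the director retreats towards the protected router, matching the "reverse" order described for the progressive embodiment.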
Sensors

Figure 3 illustrates a component view of sensor function 104, in accordance
with one embodiment. The embodiment assumes that sensor function 104 is
implemented on an externally disposed device, outside of its responsible routing
device or devices (hereinafter, simply router or routers). Moreover, the regulation
and de-regulation commands are issued to the routers through their responsible
sensor functions 104. As illustrated, sensor function 104 includes requestor function
302, reporter function 304 and command application function 306 operatively
coupled to each other as shown. Requestor function 302 is used to request a router
or routers for data depicting network traffic routed through the router/routers. The
request/requests may be made periodically or on demand. The request/requests
may be made using any one of a number of communication protocols known in the
art. As alluded to earlier, examples of such data are network traffic statistical data.
Requestor 302 is also used to request a router or routers to alter its/their routing
operations to effectuate a desired regulation/de-regulation on the router/routers, with
respect to network traffic being serviced. The routing operation altering request
commands are typically made as a result of regulation/de-regulation instructions
provided by director function 102. Similarly, the commands may be provided to the
router/routers via any one of a number of communication protocols known in the art
(e.g. defined by the router or other standard or proprietary protocol).

Reporter function 304 is used to report the gathered network traffic data.
More specifically, reporter function 304 reports the gathered network traffic data to
director function 102. For the illustrated embodiment, the reports are made
periodically or on demand. The report may be made in any one of a number of
formats, via any one of a number of communication protocols known in the art.

Command application function 306 applies the router specific commands
responsive to the regulation/de-regulation instructions received from director
function 102. The specific commands are router vendor dependent.

Figures 4-6 illustrate the operation flow of the relevant aspects of request
function 302, report function 304 and command generation function 306, in
accordance with one embodiment each. For request function 302, as illustrated in
Fig. 4, upon start up, it awaits expiration of a timer, block 402. The periodicity of
expiration is application dependent. Upon expiration of the timer, at block 404,
request function 302 requests its responsible router/routers for network traffic data
of the network traffics of interest. At blocks 406 and 408, request function 302
accumulates and saves the network traffic data provided. Upon completion of the
data transfer, requestor function 302 returns to block 402. However, if the timer has not
expired, block 402, request function 302 determines if any regulation/de-regulation
commands are to be sent to its responsible router/routers, block 410. If there are
commands queued awaiting transmission to the router/routers, request function 302
dequeues and sends the commands to the router/routers accordingly, block 412.
Upon sending the commands, request function 302 returns again to block 402.

For report function 304, as illustrated in Fig. 5, in like manner, upon start up, it
awaits the expiration of a timer, block 502. Likewise, the periodicity of expiration
is application dependent. Upon expiration, i.e. time for reporting, report function
304 takes the most recently received and saved network traffic data, and sends
them to director function 102, as earlier described, blocks 504-506. Upon
transmission, report function 304 returns to block 502.

For command application function 306, as illustrated in Fig. 6, upon start up, it
awaits regulation/de-regulation instructions from director 102, block 602. Upon
receipt of regulation/de-regulation instructions, command application function 306
generates the appropriate commands for the particular router/routers for which the sensor
function is responsible, and queues the commands for transmission to the
router/routers, as alluded to earlier. Upon generating and queuing the appropriate
commands, generation function 306 returns to block 602 to await additional
regulation/de-regulation instructions from director function 102.
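
The sensor flows of Figs. 4-6 can be exercised together in a small simulation. This is an added example, not code from the application: the router stand-in, the command strings, the counter values and the tick-based timer are constructed, and the field checks made before a command is generated are an added safeguard that the application does not describe.

```python
from collections import deque


class FakeRouter:
    """Constructed stand-in for a router's statistics and command interfaces."""

    def __init__(self):
        self.counters = {"107a": 1200, "107b": 9800}   # constructed packet counts
        self.received = []

    def stats(self):
        return dict(self.counters)

    def command(self, line):
        self.received.append(line)


class Sensor:
    def __init__(self, router, poll_every, groups):
        self.router = router
        self.poll_every = poll_every    # timer period, in ticks
        self.ticks_left = poll_every
        self.groups = set(groups)       # traffic groups this sensor is configured for
        self.saved = None               # most recently saved traffic data
        self.queue = deque()            # commands awaiting transmission

    def apply_instruction(self, action, group, allowed):
        """Fig. 6: turn a director instruction into a queued router command.

        The instruction fields end up inside a command line, so only the
        expected actions, configured group names and in-range fractions are
        accepted (added check). The command syntax is hypothetical.
        """
        if action not in ("regulate", "de-regulate"):
            raise ValueError("unknown action")
        if group not in self.groups:
            raise ValueError("unknown traffic group")
        if isinstance(allowed, bool) or not isinstance(allowed, (int, float)):
            raise ValueError("allowed must be a number")
        if not 0.0 <= allowed <= 1.0:
            raise ValueError("allowed must be between 0.0 and 1.0")
        if allowed == 1.0:
            line = f"no rate-limit group {group}"
        elif allowed == 0.0:
            line = f"deny group {group}"
        else:
            line = f"rate-limit group {group} percent {round(allowed * 100)}"
        self.queue.append(line)

    def requestor_tick(self):
        """Fig. 4: one pass through blocks 402-412."""
        self.ticks_left -= 1
        if self.ticks_left == 0:                  # block 402: timer expired
            self.saved = self.router.stats()      # blocks 404-408: request and save
            self.ticks_left = self.poll_every
            return "polled"
        if self.queue:                            # block 410: commands pending?
            while self.queue:                     # block 412: dequeue and send
                self.router.command(self.queue.popleft())
            return "sent"
        return "idle"

    def report(self):
        """Fig. 5, blocks 504-506: the data that would be sent to the director."""
        return self.saved


def demo():
    router = FakeRouter()
    sensor = Sensor(router, poll_every=3, groups={"107a", "107b"})
    sensor.apply_instruction("regulate", "107b", 0.5)
    rejected = []
    for bad in (("regulate", "107c", 0.5), ("regulate", "107b", 1.5)):
        try:
            sensor.apply_instruction(*bad)
        except ValueError as err:
            rejected.append(str(err))
    events = [sensor.requestor_tick() for _ in range(3)]
    return events, router.received, rejected, sensor.report()


if __name__ == "__main__":
    print(demo())
```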

Figure 7 illustrates an architectural view of a standalone sensor,
implementing the earlier described sensor function 104, in accordance with a
hardware/firmware implementation. As illustrated, sensor 700 includes processor
702, non-volatile memory 704, LAN and WAN interfaces 706 and 708. Processor
702 and non-volatile memory 704 are intended to represent a broad range of these
elements known in the art. In the case of processor 702, it may be any 8-bit/16-bit
micro-controllers, or 16-bit/32-bit digital signal processors, or even more powerful
general purpose microprocessors known in the art. Non-volatile memory 704 may
be EEPROM, Flash memory or other memory of the like. Non-volatile memory 704
is employed to store the firmware implementing the earlier described request, report
and command generation functions of sensor 700, and for the embodiment,
facilitates these functions' execution in place. LAN interface 706 may be an
Ethernet, Token Ring or other LAN interfaces of like kind. WAN interface 708 may
be a modem, or an ISDN or DS3 adapter as well as other higher speed interfaces.

In an alternate embodiment, request, report and command application
functions 302-306 of Fig. 3 may be implemented in software via high level
languages such as C, and the software implementation may be hosted by a
computing device near its responsible router/routers, provided the hosting
computing device is properly equipped with the appropriate communication
interfaces to communicate with its responsible router/routers, and director function
102.

In yet other embodiments, as alluded to earlier, request, report and command
application functions 302-306 of Fig. 3 may be incorporated as an integral part of
its responsible router. In these embodiments, instead of gathering the network
traffic data via request/reply transaction conducted over a communication protocol,
request function 302 may gather the network traffic data through bus transactions,
such as direct memory access (DMA) operations accessing the appropriate internal
storage units of the router for the collected data. Similarly, in lieu of applying
commands designed for a command interface, command application functions may
directly invoke the applicable router routines to cause the routing operation
alteration to be effectuated instead.



Director 

Referring now to Fig. 8, wherein a component view of director function 102, in
accordance with one embodiment, is shown. As illustrated, director function 102 is
also implemented on a standalone device outside of the monitored/regulated routers
106a-106b. Director function 102 includes send/receive function 802, analyzer 804,
and regulator 806, operatively coupled to each other as shown. Send/receive
function 802 is employed to receive network traffic data reported by sensor functions
104, and to send regulation/de-regulation instructions to the applicable sensor
functions or the routers directly. Analyzer 804 analyzes the network traffic data
reported to determine if the networking device of interest is meeting its service level
goals/commitments, whether regulation/de-regulation actions need to be taken to
regulate selected network traffics to enhance the likelihood of the networking device
of interest being able to meet its service level goals/commitments, and alerts
regulator 806 accordingly. In one embodiment, analyzer 804 determines whether
the networking device of interest is meeting its service level goals/commitments,
and whether a group of other network traffics are to be regulated/deregulated,
based on the reported data, as described earlier. Regulator 806 is used to
determine the location or locations of regulation/de-regulation (i.e. the routers), and
what the regulation/de-regulation actions should be.

Figures 9-10 illustrate the operational flow of the relevant aspects of the
send/receive, analyzer and regulation functions 802-806, in accordance with one
embodiment each. As illustrated in Fig. 9, for the send/receive function, upon start
up, it determines if there are network traffic data to be received from the sensors,
block 902. If there are, send/receive function 802 receives the network traffic data
being reported accordingly. If there are not, send/receive function 802 determines if
there are regulation/de-regulation instructions to be sent to the sensors. If there are,
send/receive function 802 sends the regulation/de-regulation instructions accordingly.
If there are not, send/receive function 802 returns to block 902 to determine if there
are data to be received again.

As illustrated in Fig. 10, upon start up, analyzer 804 determines if there are
networking devices to be analyzed, block 1002. If there are not, it awaits the
"enrollment" of a networking device of interest. If there are, analyzer 804 selects a
networking device to be analyzed, block 1004. Analyzer 804 first determines if the
networking device is meeting its service level goals/commitments, block 1006. If the
networking device is meeting its service level goals/commitments, analyzer 804
further determines if regulation of a group of other network traffics is currently
being administered on behalf of the networking device to enhance its ability to meet
the service level goals/commitments, block 1008. If either the networking device is
not meeting its service level goals/commitments, and at least one other group of
network traffic is contributing to the non-meeting of the service level
goals/commitments, or the networking device is consistently meeting its service level
goals/commitments, and regulation is being administered on its behalf, analyzer 804
notifies regulator 806 accordingly.

As illustrated in Fig. 11, upon receipt of an alert, regulator 806 determines if
the alert is for regulation or de-regulation, block 1102. If the alert is for regulation,
regulator 806 selects the locations to be regulated, block 1106. Further, regulator
806 also determines the level of regulation, e.g. how much bandwidth to reduce, or
how many priority levels to drop, with respect to the target network traffic, block
1108. In one embodiment, the moderations are made in pre-determined small
quantities and iteratively increased. Upon making these determinations, regulator
806 provides the appropriate sensor functions (or the routers directly) with the
regulation/de-regulation instructions accordingly, block 1114. In alternate
embodiments, the amount of moderations may be determined through the
employment of predictive models. On the other hand, if the alert is for de-regulation,
regulator 806 selects the "outermost" regulated routers for de-regulation, block
1110. Further, regulator 806 determines the level of de-regulation, e.g. how much
bandwidth to increase, or how many priority levels to bump up, block 1112.
Similarly, the relaxations are made in pre-determined small quantities and iteratively
increased, or in alternate embodiments, in accordance with selected predictive
models. Upon making these determinations, regulator 806 provides the appropriate
sensor functions (or the routers directly) with the regulation/de-regulation
instructions accordingly, block 1114.
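
The analyzer and regulator flows of Figs. 10 and 11 can be sketched as one small control loop. This is an added example, not code from the application; the 64 kbps step, the two-interval reading of "consistently", hop count as the meaning of "outermost", and the router names and sample reports are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

STEP_KBPS = 64   # assumed "pre-determined small quantity" of moderation
CONSISTENT = 2   # assumed number of met intervals that counts as "consistently"

@dataclass
class Router:
    name: str
    hops: int                # assumed reading of "outermost": most hops from the device
    reduction_kbps: int = 0  # bandwidth currently withheld from the target traffic

def analyze(meeting, contributors, regulated, met_streak):
    """Analyzer 804 (blocks 1006-1008): decide which alert, if any, to raise."""
    if not meeting and contributors:
        return "regulate"
    if meeting and regulated and met_streak >= CONSISTENT:
        return "deregulate"
    return None

def regulate(alert, routers, contributors):
    """Regulator 806 (blocks 1102-1114): return (router, new reduction) pairs."""
    if alert == "regulate":
        targets = [r for r in routers if r.name in contributors]     # block 1106
        for r in targets:
            r.reduction_kbps += STEP_KBPS                            # block 1108
    elif alert == "deregulate":
        active = [r for r in routers if r.reduction_kbps > 0]
        edge = max((r.hops for r in active), default=0)
        targets = [r for r in active if r.hops == edge]              # block 1110
        for r in targets:
            r.reduction_kbps = max(0, r.reduction_kbps - STEP_KBPS)  # block 1112
    else:
        return []
    return [(r.name, r.reduction_kbps) for r in targets]             # block 1114

def run(reports, routers):
    """Feed per-interval (meeting, contributors) reports through both functions."""
    log, streak = [], 0
    for meeting, contributors in reports:
        streak = streak + 1 if meeting else 0
        regulated = any(r.reduction_kbps for r in routers)
        alert = analyze(meeting, contributors, regulated, streak)
        log.append(regulate(alert, routers, contributors))
    return log

def demo():
    """Constructed sample: three overloaded intervals, then five healthy ones."""
    routers = [Router("r-near", 1), Router("r-far", 3)]
    overload = [(False, {"r-near", "r-far"})] * 2 + [(False, {"r-far"})]
    return run(overload + [(True, set())] * 5, routers)
```

In the constructed run, the reduction on the far router is fully relaxed before the near router is touched, which is the behavior the "outermost" selection of block 1110 implies under the hop-count assumption.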

Example Host Computer System 
Figure 12 illustrates an example computer system suitable for use as either a
host to a software implementation of a sensor, or the director in accordance with
one embodiment. As shown, computer system 1200 includes one or more
processors 1202 (typically depending on whether it is used as host to sensor or the
director), and system memory 1204. Additionally, computer system 1200 includes
mass storage devices 1206 (such as diskette, hard drive, CDROM and so forth),
input/output devices 1208 (such as keyboard, cursor control and so forth) and
communication interfaces 1210 (such as network interface cards, modems and so
forth). The elements are coupled to each other via system bus 1212, which
represents one or more buses. In the case of multiple buses, they are bridged by
one or more bus bridges (not shown). Each of these elements performs its
conventional functions known in the art. In particular, system memory 1504 and
mass storage 1506 are employed to store a working copy and a permanent copy of
the programming instructions implementing the teachings of the present invention.
The permanent copy of the programming instructions may be loaded into mass
storage 1206 in the factory, or in the field, as described earlier, through a distribution
medium (not shown) or through communication interface 1210 (from a distribution
server (not shown)). The constitution of these elements 1202-1212 are known, and
accordingly will not be further described.

Conclusion and Epilogue 
Thus, it can be seen from the above descriptions, a novel method and
apparatus for distributively managing service level commitments has been described.
The novel scheme enables the quality of service provided by a networking device to
be ensured, including nullification of denial of service attacks, without imposing the
burden of management on the networking device itself.

While the present invention has been described in terms of the above
illustrated embodiments, those skilled in the art will recognize that the invention is not
limited to the embodiments described. The present invention can be practiced with
modification and alteration within the spirit and scope of the appended claims. For
example, as alluded to earlier, the present invention may be practiced with more or
fewer sensors, more directors, and so forth. Further, regulations may be applied or
relaxed in response to the assumption of additional or removal of service level
goals/commitments by the networking device of interest. Alternatively, as opposed to
causing regulations to be automatically applied or relaxed, at least some of the
regulation/de-regulation may be suggested to a networking administrator instead.

Thus, the description is to be regarded as illustrative instead of restrictive
on the present invention.






